.png?sv=2019-07-07&sig=PqdHE%2BwIRubpmLPfs4nm662xhWj2WtUOzRempfbOmPY%3D&spr=https%2Chttp&st=2023-03-25T11%3A07%3A33Z&se=2023-03-25T11%3A17%3A33Z&srt=o&ss=b&sp=r){kind=logo}
Axonius - Deploy Files and Run Shell Command on Windows Assets
- 29 Dec 2022
- 3 Minutes to read
-
Print
-
DarkLight
-
PDF
Axonius - Deploy Files and Run Shell Command on Windows Assets
- Updated on 29 Dec 2022
- 3 Minutes to read
-
Print
-
DarkLight
-
PDF
Axonius - Deploy Files and Run Shell Command on Windows Assets deploys an optional list of selected files and runs a command line on each of the windows devices which are the results of the query.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonious. You can change the name according to your needs.
- Add description (optional) - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs and Adapter Fetch History Modules
- Action name - The name of the Main action. A default value is added by Axonious. You can change the name according to your needs.
- Configure Action Conditions - Toggle on to enter a condition statement. See Configuring Enforcement Action Conditions to learn more about condition statement syntax.
Connection Settings
- Use stored credentials from the Active Directory adapter (required, default: False) - Select this option to use the first connected Microsoft Active Directory (AD) adapter credentials.
- User and Password (optional, default: empty) - Provide credentials to connect and to execute the command on the windows device: user name and password.
- DNS Servers (optional, default: empty) - Specify a comma-separated list of DNS servers to be used to resolve the hostnames in the saved query supplied as a trigger (or devices that have been selected in the asset table).
- If supplied, Axonius will use the specified DNS server to resolve the devices' hostnames. For each asset, the first response will be the one to be used.
- If not supplied or if no response has been received from any of the specified DNS servers, the default DNS server will be used.
- Command - Specify the command you want to run on the windows device. Add a condition to the command to print the result into the Command Name field.
Note:
Even if you just want to deploy a file, you need to fill in this parameter.
- Command name - Specify the field name to be added to the device. If you set the Command field, then you must add a value to this field. This new device field will be populated if a condition has been added in the command field.
Note:
Even if you just want to deploy a file, you need to fill in this parameter.
-
Max timeout for the created process (optional, default: empty) - Set the maximum time (in seconds) for the created shell process to run before it is terminated.
-
Reset timer for each request in seconds (optional, default: empty) - Set the maximum time for each WQL query to return a response.
-
Files to deploy (optional, default: empty) - To deploy files on the device, use the following controls to upload one or more files:
- 'Choose file' - to choose a file to be upload.
- '+' - to upload additional file.
- 'x' - to remove the uploaded file.
NOTEThe uploaded files are deployed to the c:\windows\axonius folder. When uploaded, if a file with the same name already exists, it is overridden by the new uploaded file. Uploaded files are not automatically deleted. -
Files Directory (optional) - Specify the directory to which the files uploaded by the Enforcement Action will be deployed.
-
Tunnel Name - For Axonius-hosted (SaaS) deployments. Select the tunnel through which to connect to perform the action.
Required Ports
The following ports should be opened:
- 135 RPC
- 445 SMB
- Random port in the range: 1024-65535
For more details about other Enforcement Actions available, see Action Library.